From: Panda_man on
Command prompt is different from Safe Mode with command prompt

The sollution:
http://free.hit.bg/fightmalware/homepage_en.htm


Panda_man
--
Prevention is always better than cure !
Panda TruPrevent - the most intelligent technology to combat unknown malware
http://www.pandasoftware.com
http://free.hit.bg/fightmalware/homepage_en.htm


"benjammin" wrote:

> I tried using your method - in command prompt, i typed sfc.exe, then tried
> scannow, but it said 'error code is 0x000006ba (The RPC server is
> unavailable) and same sort of thing with other scans - what does this mean?
>
> "Eric" wrote:
>
> > Try booting in safe mode/command prompt. The file shouldn't be open then.
> >
> > "benjammin" wrote:
> >
> > > I have a Trojan download in C:\windows\system32\browsela.dll, and can't
> > > delete it.
> > >
> > > Same applies to w32.looksky.A(a)mm in local settings somewhere.
> > >
> > > How can I get rid of these things if my antivirusdoesn't?
From: benjammin on
These are helpful, but no spyware removal things will remove this, I need
something different - what does Dave Lipman's thing actually do? Preferably,
I'd just like to run the sfc/scannow, so does anyone know why it might not
work?

"Malke" wrote:

> benjammin wrote:
>
> > I have a Trojan download in C:\windows\system32\browsela.dll, and
> > can't delete it.
> >
> > Same applies to w32.looksky.A(a)mm in local settings somewhere.
> >
> > How can I get rid of these things if my antivirusdoesn't?
>
> Since you didn't mention what av you are using, run either Sysclean or
> Dave Lipman's Multi-AV:
>
> http://www.elephantboycomputers.com/page2.html#TrendMicros_Sysclean
> http://www.ik-cs.com/multi-av.htm - how to use Dave Lipman's Multi-AV
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe - Multi-AV download
>
> Continue with general malware removal -
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>
From: cquirke (MVP Windows shell/user) on
On Tue, 03 Jan 2006 11:18:58 GMT, Leythos <void(a)nowhere.lan> wrote:
>benjammin(a)discussions.microsoft.com says...

>> what does Dave Lipman's thing actually do?

>David's product works wonders using the manual scan engines from several
>different vendors, and it has several fixes he's created to resolve
>problems caused by malware that are not fixed by virus removal.

>You really need to follow this directions exactly, and if you do, it
>will leave you with a clean machine.

I've downloaded it and read the HTML, but haven't used it yet - I'm
interested in seeing if it can be adapted to more formal use.

As it is, AFAIK it starts by downloading stuff (updates etc.) from
within normal (infected) Windows, then is to be used from Safe Mode,
etc. As Safe Mode doesn't suppress all explicit integrations and will
be likely to run intrafile code infectors, I'd really prefer to work
"from orbit", e.g. from Bart CDR boot.

At the least, I'd like to get updates etc. and prepare the scanners
from a clean PC, and then run them from Safe Mode on the infected PC,
preferably from read-only storage such as locked USB stick or CDRW.

Also, remember to re-apply any HOSTS-mediated static protection, such
as Spyware Blaster or certain off-the-peg antimalware HOSTS files, as
Dave's procedure appears to leave the existing HOSTS deactivated.

I'm working on a scanning wizard for Bart PE CDR boot that will run a
sequence of 5 av scanners with a minimum of stop/go interaction, so I
was interested in how Dave's worked.



>------------ ----- ---- --- -- - - - -
The most accurate diagnostic instrument
in medicine is the Retrospectoscope
>------------ ----- ---- --- -- - - - -
From: David H. Lipman on
From: "benjammin" <benjammin(a)discussions.microsoft.com>

| These are helpful, but no spyware removal things will remove this, I need
| something different - what does Dave Lipman's thing actually do? Preferably,
| I'd just like to run the sfc/scannow, so does anyone know why it might not
| work?
|

SFC is the System File Checker and is NOT a program for dealing with malware. It is a tool
for dealing with OS corruption where a specific EXE or DLL file was accidentdetally replaced
with an older version file. For example, you install WinXP SP2 and you installed a new
printer but did not slipstream the installation files and a SP1 DLL replaced a SP2 DLL file.

The SFC can replace the faulty DLL with a SP2 DLL from a cache.

The tool that I suggested spaecifically seeks out Trojans, Viruses and other forms of
malware and removes them.

I suggest you use my tool and start with the McAfee module.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


From: David H. Lipman on
From: "cquirke (MVP Windows shell/user)" <cquirkenews(a)nospam.mvps.org>


|
| I've downloaded it and read the HTML, but haven't used it yet - I'm
| interested in seeing if it can be adapted to more formal use.
|
| As it is, AFAIK it starts by downloading stuff (updates etc.) from
| within normal (infected) Windows, then is to be used from Safe Mode,
| etc. As Safe Mode doesn't suppress all explicit integrations and will
| be likely to run intrafile code infectors, I'd really prefer to work
| "from orbit", e.g. from Bart CDR boot.
|
| At the least, I'd like to get updates etc. and prepare the scanners
| from a clean PC, and then run them from Safe Mode on the infected PC,
| preferably from read-only storage such as locked USB stick or CDRW.
|
| Also, remember to re-apply any HOSTS-mediated static protection, such
| as Spyware Blaster or certain off-the-peg antimalware HOSTS files, as
| Dave's procedure appears to leave the existing HOSTS deactivated.
|
| I'm working on a scanning wizard for Bart PE CDR boot that will run a
| sequence of 5 av scanners with a minimum of stop/go interaction, so I
| was interested in how Dave's worked.
|
>> ------------ ----- ---- --- -- - - - -
| The most accurate diagnostic instrument
| in medicine is the Retrospectoscope
>> ------------ ----- ---- --- -- - - - -

Any time you'd like to discuss my tool(s), you have my email address.

While you mention booting from a Bart PE, the included PDF file does provide instructions
for creating a DOS Boot Disk or DOS Boot Disk with NTFS4DOS for outside the OS scanning.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm